Platform capabilities
Six vectors of defense.
One platform to run them all.
Threat intelligence, active defense, machine-learning profiling, uptime monitoring, DDoS and bot mitigation, domain and email intelligence - unified, integrated, and built to make each vector stronger because they share the same brain.
Vector 1
Threat Intelligence
The foundation of proactive defense. Know your adversaries before they know your attack surface.
Risk scoring
Every record gets a composite risk score derived from abuse history, network reputation, behavioral patterns, and known attack campaigns. Scores update continuously as new intelligence arrives.
Geolocation & attribution
Precise geolocation across 230+ countries. ISP identification, ASN mapping, and hosting-provider attribution for every record in the database.
Behavioral analysis
Pattern recognition across 224M+ records identifies scanning behavior, brute-force campaigns, credential stuffing, and coordinated attack infrastructure.
70+ public sources, plus our own
Continuously ingested from 70+ public threat-intelligence feeds and our own sensor network deployed on real infrastructure. Aggregated, deduplicated, and scored - no manual intervention.
Live sensor catches
Every attack against our own protected infrastructure becomes a labeled observation. New IPs are profiled and propagated in real time - the customers we defend make each other safer.
Export to your stack
Export threat data in standard formats for integration with your existing SIEM, firewall rules, or custom tooling. API and bulk export both supported.
Refresh as fast as the threat moves
Stale blocklists are worse than no blocklists. Panthero refreshes every record at the cadence its threat category deserves - from real-time profiling of brand-new attackers to long-lived malicious networks revalidated at intervals of up to 30 days. No flat schedules. No blanket TTLs.
| Threat category | Refresh window |
|---|---|
| Live sensor catches (brand-new attackers) | Real-time |
| Active brute-force attackers (SSH, FTP, IMAP, mail, SIP) | Hourly |
| Web attackers and scanners | Every few hours |
| Anonymous infrastructure (Tor, proxies, VPNs) | Every few hours |
| Botnets, command-and-control, malware infrastructure | Daily |
| Spam and abuse sources | Daily |
| Long-lived malicious networks (hijacked netblocks) | Up to 30 days |
Vector 2
Active Defense
Block threats before they reach your application layer. The modern descendant of decades of battle-tested firewall scripts, packaged for the way you actually deploy software today.
django-panthero
A drop-in middleware for Django (and any Python framework that speaks WSGI or ASGI). Install with pip, add one line to your middleware list, and every request is verified against the full Panthero intelligence in real time.
panthero-agent (.deb)
A Debian package for any Linux server. Installs in seconds, enforces at the kernel layer with ipset, and reports back to your dashboard. Think fail2ban, but exponentially broader and continuously updated from our intelligence pipeline.
Real-time enforcement
Every request is checked against the live database before it touches your application. Verdicts in under one millisecond on the decision engine, with built-in caching for hot-path workloads.
Granular allowlists
Per-host IP and CIDR allowlists. Trusted partners, internal services, and known-good crawlers bypass threat checks without weakening your security posture.
Traffic logging
Every check creates an auditable record. Full request metadata, the risk score that drove the decision, and the action taken - stored for compliance reporting and forensic analysis.
Per-host policies
Different services need different defaults. Set risk thresholds, allowlists, rate limits, and monitor-only rollout per host. Multi-server environments managed from one dashboard.
Vector 3
ML Profiling & Scoring
A production machine-learning model scores every source by what it is trying to do, not just where it comes from. Behavioral profiling that gets sharper with every observation.
In production since 2018
The first ML model was built in 2013, before Panthero existed. The current production model has been scoring traffic since 2018 - the same year Panthero launched. Continuously refined ever since.
Intent classification
Sources are profiled by behavior - brute-forcer, scanner, spammer, scraper, exploit attempt, credential stuffer. Knowing the why drives smarter defaults than knowing only the where.
Continuous learning
Every blocked request from our sensor network becomes a labeled training example. The model gets sharper as the platform grows - and every customer benefits, on every plan, immediately.
Vector 4
Uptime & Health Monitoring
Continuous visibility into your infrastructure health. Know the moment something goes wrong - or is about to.
Heartbeats
Configurable health checks at intervals from 30 seconds to 30 minutes. HTTP, HTTPS, TCP, and ICMP probes with customizable expected responses and timeout thresholds.
Multi-location probes
Monitor from multiple geographic locations to detect regional outages and routing issues. Cross-reference results to distinguish local problems from global ones.
Instant alerts
Downtime notifications via email, Slack, and webhooks. Configurable escalation policies with retry logic that eliminates false positives before alerting your team.
Response-time tracking
Millisecond-precision response-time measurement with historical trends. Identify performance degradation before it becomes an outage.
Availability reports
Monthly and custom-period availability reports with SLA calculations. Exportable for stakeholder reporting and compliance documentation.
Status pages
Public and private status pages for your services. Communicate uptime to your customers with branded, real-time dashboards powered by your monitoring data.
Vector 5
DDoS & Bot Mitigation
Volumetric and application-layer attack detection paired with behavioral fingerprinting. Stop the flood and tell humans from automation - in the same pass.
Volumetric detection
Traffic analysis identifies anomalous volume patterns at the edge. Automated mitigation triggers before your services feel the impact.
Application-layer detection
Slow-loris, request floods, and protocol-abuse patterns detected at the request level. Layer-7 attacks that bypass volumetric filters get caught here.
Behavioral fingerprinting
Honeypot fields, request timing, header anomalies, and challenge logic working together. Separates legitimate users from automated threats without breaking real users.
Vector 6
Domain & Email Intelligence
Threats don't stop at IP addresses. Catch the look-alike domains targeting your brand and the malicious senders trying to slip past your filters.
Typosquat detection
Fuzzy matching catches domain typosquatting, homoglyph attacks, and look-alike domains targeting your brand before they reach your customers.
Malicious sender intelligence
Email senders scored against the same intelligence engine that powers IP scoring. Catch spam, phishing, and compromised accounts before they hit your inbox.
SIEM export
Push domain and email events into your SIEM in standard formats for unified investigation workflows. Connect Panthero's intelligence to the rest of your security stack.
API & delivery
One API. All six vectors.
Production-grade API designed for high-throughput workloads. Secure by default, fast by design - and the same API powers every vector above.
HMAC authentication
Request-level authentication using HMAC-SHA256 signatures. Every API call is cryptographically verified - no bearer tokens to leak, no sessions to hijack.
Sub-millisecond decisions
Verdicts in under one millisecond on the decision engine. End-to-end latency depends on your network path to our EU regions, but the engine itself never gets in your way.
Stateless sessions
Short-lived JWT tokens for session management with automatic refresh. Scales horizontally without session store dependencies.
Technical specifications
| Specification | Value |
|---|---|
| Protocol | HTTPS (TLS 1.3) |
| Authentication | HMAC-SHA256 + JWT |
| Response format | JSON |
| Rate limiting | Per-host configurable |
| Decision engine | < 1 ms |
| Hosting regions | Across Europe |
| Compliance | GDPR |
| Threat records | 224M+ |